Shodan.io is a service that scans IP addresses and displays the results for ANYONE to see. When I search for Sonicwall, it returns almost 1 million records.
You can also search by IP address and if you have a Sonicwall, here is an example of what is returned:
SonicWALL firewall http config
HTTP/1.0 200 OK Server: SonicWALL Expires: -1 Cache-Control: no-cache Content-type: text/html; charset=UTF-8; X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss:; SonicWall: SonicOS Version: 6.x Serial Number: 18B169EA1278
A hacker loves that it identifies itself and the major OS version. Its just a matter of looking up CVE's to find the right exploit.
Is there a way to prevent the firewall from identifying itself and leaking this data? I'm asking because we are trying to get cybersecurity insurance and this has lowered our score making us riskier.